Bot
Bot is ransomware that runs on Microsoft Windows. It was discovered by Jakub Kroustek. It is part of the CrySiS/Dharma family.

Payload Transmission

Bot is distributed through spam campaigns, trojans, untrustworthy download channels, fake software updaters and "cracking" tools. Large-scale spam campaigns are used to send out deceptive emails containing infectious attachments.

Infection

Bot operates by encrypting data and demanding a ransom for its decryption (i.e. payment for the decryption software/tools and keys). During the encryption process, all files are renamed with a unique ID number (generated individually for each victim), the email address of Bot's developers and the ".bot" extension. A file named "1.jpg" would therefore appear as something similar to "1.jpg.id-1E857D00.nmode@tutanota.com.bot", and so forth for all files. After this process is complete, a text file titled "RETURN FILES.txt" is created on the desktop and a pop-up window is displayed.

The text file tells affected users that their data has been encrypted and that, if they wish to retrieve it, they must contact the cyber criminals behind Bot ransomware. The pop-up window contains a detailed ransom note. It states that victims' data has been encrypted using the RSA encryption algorithm and that, to restore it, users need to write to the given email addresses. Should there be no response, an alternative email address is provided. The email must contain the victim's unique ID number. The developers of Bot warn that the decryption keys will only be stored on their servers for seven days, so users should not delay in contacting them. As proof of their ability to recover the data, the criminals offer to decrypt one file for free. The file must be no larger than 1Mb (non-archived) and contain no important information, such as backups, databases, large Excel sheets, etc.

Text presented in Bot ransomware's pop-up window:

All FILES ENCRYPTED "RSA1024"
All YOUR FILES HAVE BEEN ENCRYPTED!!!
IF YOU WANT TO RESTORE THEM, WRITE US TO THE E-MAIL nmode@tutanota.com
IN THE LETTER WRITE YOUR ID, YOUR ID 1E857D00
IF YOU ARE NOT ANSWERED, WRITE TO EMAIL:nmodes@aol.com
YOUR SECRET KEY WILL BE STORED ON A SERVER 7 DAYS, AFTER 7 DAYS IT MAY BE OVERWRITTEN BY OTHER KEYS, DON'T PULL TIME, WAITING YOUR EMAIL

FREE DECRYPTION FOR PROOF
You can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)

DECRYPTION PROCESS:
When you make sure of decryption possibility transfer the money to our bitcoin wallet. As soon as we receive the money we will send you:
1. Decryption program.
2. Detailed instruction for decryption.
3. And individual keys for decrypting your files.

!WARNING!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
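
The renaming scheme and ransom-note file name described under Infection can be used to triage a file listing during incident response. The following Python sketch is an added example, not part of the original article: the function names and the sample paths are constructed, and it assumes the victim ID is always 8 hexadecimal digits, as in the article's single example.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Naming scheme described on this page: <original>.id-<ID>.<email>.bot
# Assumption: the ID is 8 hex digits, as in the page's single example.
RENAMED = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.(?P<email>[^@\s\\/]+@[^@\s\\/]+)\.bot$"
)
NOTE_NAME = "return files.txt"  # ransom note name given on the page


def parse_renamed(path):
    """Return original name, victim ID and contact email, or None."""
    m = RENAMED.match(PureWindowsPath(path).name)
    return m.groupdict() if m else None


def triage(paths):
    """Summarise a file listing: affected files, IDs seen, ransom notes."""
    hits, ids, notes = [], Counter(), []
    for p in paths:
        info = parse_renamed(p)
        if info:
            info["victim_id"] = info["victim_id"].upper()
            hits.append((p, info))
            ids[info["victim_id"]] += 1
        elif PureWindowsPath(p).name.lower() == NOTE_NAME:
            notes.append(p)
    return {"affected": hits, "ids": dict(ids), "notes": notes}


# Constructed sample listing (not real telemetry).
SAMPLE = [
    r"C:\Users\alice\Pictures\1.jpg.id-1E857D00.nmode@tutanota.com.bot",
    r"C:\Users\alice\Documents\q3.report.xlsx.id-1E857D00.nmode@tutanota.com.bot",
    r"C:\Users\alice\Desktop\RETURN FILES.txt",
    r"C:\Users\alice\Documents\chat.bot",          # unrelated .bot file
    r"C:\Users\alice\Documents\notes.id-12.txt",   # not the scheme
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    for path, info in report["affected"]:
        print(f"{info['victim_id']}  {info['email']}  {info['original']}")
    print("ransom notes:", report["notes"])
```

The recovered original names give the scope of affected data for restore planning, and more than one distinct ID in the listing suggests more than one infected host wrote to the same share.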